Endpoint threat detection specialist CounterTack announced the next-generation of its threat detection and response platform, Sentinel, which combines real-time stealthware with big data analytics to help organizations defend themselves against targeted, persistent threats.
Sentinel's driverless behavioral analysis capability analyzes application execution in real time to identify attacks in progress, and the platform also identifies what actually happened during an attack while providing forensic-level details of attacks in progress.
In addition, the platform’s search interface helps teams access any type of endpoint data from artifacts like files and registry keys, to real-time network statistics of which attacks accessed which hosts.
This searchable data is designed to enable security engineers to understand how one identified attack affects the entire enterprise without the need for individual endpoint querying.
"Defending against advanced persistent threats and protecting our organization and customers from threats like Dark Seoul are our top priorities," Jae Woo Lee, general manager of the managed security service team at SK Infosec, said in a statement. "We needed a platform that provides deep behavioral analysis of persistent attacks with an unparalleled level of intelligence, to make better security decisions. Sentinel gives us the visibility and attack context that we need to prioritize our response to known and unknown threats."
Sentinel does not install agents to collect data on endpoints, but instead uses a lightweight, driverless kernel technology to gather continuous, real-time data from endpoints, which helps minimize the platform’s impact on network performance.
The Sentinel platform is built on big data technology, which helps it scale to handle hundreds of thousands of endpoints. Simultaneously, the solution provides real-time forensic data through enterprise architecture, offering IT and security teams high availability, load balancing and enhanced search capabilities.
All process activity and interactions with files, registries and network communication are followed from deep within the host operating system, and advanced search and visualization tools allow users to follow threats across the enterprise, while a representational state transfer (RESTful) application programming interface (API) provides programmatic access.
"Persistent, motivated attackers have had the advantage over enterprise and government organizations for far too long – it’s time to put these organizations back in control of their security," Neal Creighton, CEO of CounterTack, said in a statement. "We leverage attackers’ own technology and methods, delivering enterprise-grade stealthware to customers, that provides automated attack intelligence and enterprisewide correlation. With Sentinel, CounterTack is turning the tide on attackers by giving teams a platform that’s simple to deploy and operationalize across the entire enterprise."
According to a report on endpoint security response practices, conducted by IT research firm Gartner in September, kernel-based tools offer better protection from tampering because the userland agent tool cannot be protected from the attacker with kernel-level access. For example, it is more difficult for the attacker to hide from endpoint threat detection and response (ETDR) data collection than native OS logging, the report noted.